Re: Securing Apache: vserver or chroot ?
Hi Jesus, Jesus Climent wrote: * Chroot The linux system call to jail a subtree. Has to be created and maintained manually. You can try 'jailtool', if you like: $ apt-cache show jailtool [...] Description: Tool to build chroot-jails for daemons. Jailtool provides an easy way to build chroot-jails for daemons. It can make use of Perl CPAN .packlist files and Debian package information. The jail is copied from the base system, the amount of copied data can be configured. . New init.d-scripts for daemons can be generated to automagically start in the jail. - Alexander -- fighting for peace is like fucking for virginity msg07467/pgp0.pgp Description: PGP signature
Re: encrypted filesystem on pre-existing filesystem?
Hello, Am Sam, 2002-10-19 um 08.32 schrieb Bill Wagner: I've got a few boxes running testing/unstable and I'd like to test running encrypted filesystems on some of them. My question is if it's possible to set up a pre-existing reiserfs or ext3 filesystem for encryption. Yes it is possible. From what I've seen, it's more or less mounting it as loopback with losetup but it appears you've got to set up the encryption before creating the filesystem. Well, sort of :) You create a new file (with the size of the soon-to-be encrypted FS) *ontop* of your regular ReiserFS (or ext2/3, JFS...) with the dd command. ie: dd if=/dev/urandom of=~/.crypto bs=1024k count=10 Thats will create a 10Mb File. For the next step you need to have a kernel supporting cryto and a patched mount/losetup. Set up a loop-device for this file with: losetup -e ciphername /dev/loop0 ~user/.crypto Now make some FS on that file: mke2fs /dev/loop0 (or mk.reiserfs..) Thats basically it. I'd recommend reading the Encryption HOWTO to make things a bit clearer. Is it typically best to use the 'AES' encryption with a extremely long pass phrase, BTW? I am no expert for ciphers. I personally use the Twofish cipher with one hell of a long pass phrase ;) PS: Will this ever be an option available at install time (or is it already and I just missed it?) I dont know an answer to that. -- Matthias Hentges [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Dear friends, never miss the chance to travel in China, thebeautiful and mysterious place to be!
[EMAIL PROTECTED] writes: 1000 times: charset=ISO-8859-1; charset=ISO-8859-1; charset=ISO-8859-1; err, can you at least fix your broken spam program before posting to the list? Arne -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
encrypted filesystem on pre-existing filesystem?
I've got a few boxes running testing/unstable and I'd like to test running encrypted filesystems on some of them. My question is if it's possible to set up a pre-existing reiserfs or ext3 filesystem for encryption. From what I've seen, it's more or less mounting it as loopback with losetup but it appears you've got to set up the encryption before creating the filesystem. Is it typically best to use the 'AES' encryption with a extremely long pass phrase, BTW? Thanks in advance, Bill PS: Will this ever be an option available at install time (or is it already and I just missed it?)
Re: Securing Apache: vserver or chroot ?
Hi Jesus, Jesus Climent wrote: * Chroot The linux system call to jail a subtree. Has to be created and maintained manually. You can try 'jailtool', if you like: $ apt-cache show jailtool [...] Description: Tool to build chroot-jails for daemons. Jailtool provides an easy way to build chroot-jails for daemons. It can make use of Perl CPAN .packlist files and Debian package information. The jail is copied from the base system, the amount of copied data can be configured. . New init.d-scripts for daemons can be generated to automagically start in the jail. - Alexander -- fighting for peace is like fucking for virginity pgptxFz9Blg6P.pgp Description: PGP signature
Re: encrypted filesystem on pre-existing filesystem?
Hello, Am Sam, 2002-10-19 um 08.32 schrieb Bill Wagner: I've got a few boxes running testing/unstable and I'd like to test running encrypted filesystems on some of them. My question is if it's possible to set up a pre-existing reiserfs or ext3 filesystem for encryption. Yes it is possible. From what I've seen, it's more or less mounting it as loopback with losetup but it appears you've got to set up the encryption before creating the filesystem. Well, sort of :) You create a new file (with the size of the soon-to-be encrypted FS) *ontop* of your regular ReiserFS (or ext2/3, JFS...) with the dd command. ie: dd if=/dev/urandom of=~/.crypto bs=1024k count=10 Thats will create a 10Mb File. For the next step you need to have a kernel supporting cryto and a patched mount/losetup. Set up a loop-device for this file with: losetup -e ciphername /dev/loop0 ~user/.crypto Now make some FS on that file: mke2fs /dev/loop0 (or mk.reiserfs..) Thats basically it. I'd recommend reading the Encryption HOWTO to make things a bit clearer. Is it typically best to use the 'AES' encryption with a extremely long pass phrase, BTW? I am no expert for ciphers. I personally use the Twofish cipher with one hell of a long pass phrase ;) PS: Will this ever be an option available at install time (or is it already and I just missed it?) I dont know an answer to that. -- Matthias Hentges [EMAIL PROTECTED]
Re: [OT] secure, minimal Debian installation for linux-based thin clients?
On Fri, Oct 18, 2002 at 12:41:37PM -0700, Chris Majewski wrote: Now, we're looking to upgrade the Linux on these thin clients. I like Debian, so that's one obvious choice. However, a standard Debian install (e.g. what I run on my machine) gives us much more than we need. This isn't fatal, since the filesystem is NFS-mounted, but it's not clean, either. Is there a Debian-derived minimal distribution? Or should we just install the base Debian system, add X via tasksel, and add/remove remaining items with dselect or apt-get? You might want to drop in on the Debian Beowulf crowd, since a beowulf is basically a whole lot of thin clients. pbuilder is useful for defining your own base.tgz file if you want to go that way. -- -- Nuke bin Laden: Dale Amon, CEO/MD improve the global Islandone Society gene pool. www.islandone.org --
Re: [OT] secure, minimal Debian installation for linux-based thin clients?
Towards the end of the Debian installation process, when you're asked whether you want to run tasksel or dselect, you can choose dselect and exit it before installing any packages. If you do that, you're left with a really minimal install. You might be able to base your work on this. since this is the way I usually work and I've tried to build a debian based thin client myself.I can say that woody base contains a lot of packages which you really don't want/need on a thin client. Gr, Ivo van Dongen
Re: Dear friends, never miss the chance to travel in China, the beautiful and mysterious place to be!
[EMAIL PROTECTED] writes: 1000 times: charset=ISO-8859-1; charset=ISO-8859-1; charset=ISO-8859-1; err, can you at least fix your broken spam program before posting to the list? Arne
opportunity to own gold
Launched 9th March! Introduced by We are a 100% Cheat Proof E-Gold Income Program where you get paid $1 on 5 levels. The cost to join is only $5! What you get with your membership of $5 5 level deep income machine, getting paid $1 per level Instant payments All money goes straight into your E-Gold account Your own replicated website created within seconds A cheat proof program, people can only join after they pay you! Great E-books and promotional tools in your members area All money you earn is yours, There are no admin fees! How it works You join and pay the 5 positions of your upline You then get your own website like this with your information in the level 1 position You refer people and get paid $1 and move to their level 2 position on their page You get paid $1 for every member they refer then you get put onto level 3 of their referrals websites getting paid another $1 for all their referrals then you go onto level 4 of their downline and level 5 of their referrals downline. You are now earning money on 5 levels and when any of your downline refer other members you will be paid $1 again! If every one just refers 3 members you will get paid $363 into your e-gold account. Not bad from an initial $5. You will earn a lot more if you get more referrals! Ready to sign up ? Go to: http://www.fivegold.com/cgi-bin/five/five.cgi?jbrreed ___ this is no spam you or someone sign up at my adzmlm site from this e-mail address. ---